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1.1 
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Configuring an Interface to Handle the Unknown Packets 


In actual application, the Ethernet interface may receive the unknown packets (DLF 
packets) and the OLT then broadcasts by default this kind of packets to all interfaces in a 
VLAN. This will increase the network load and influence the network capacity. To avoid the 
DLF packets from being broadcast, you can set on the egress to drop the DLF packets, 
which is called storm limit. 


Note: 


The storm limitation function cannot be applied on the ONU port. For how to create an 
ONU port, see the manual “ONU Management Configuration”. 


Command Purpose 
config Enters the global configuration 
mode. 
interface g0/1 Enters the to-be-configured port. 
[no] switchport block {unicast|multicast| broadcast} Sets flow control for a port. 


Unicast means that storm limit is 
conducted to the unknown unicast 
packets. 


Multicast means that storm 
control is conducted to the 
multicast packets. 


Broadcast means that storm 
control is conducted to the 
broadcast packets. 


exit Goes back to the — global 
configuration mode. 


exit Goes back to the EXEC mode. 


1.2 Configuring Port Isolation 


By default, the data packet between different uplink ports of the OLT, or the uplink port and 
PON port can be freely forwarded. But the data packet between PON ports are mutual 
isolated and not intercommunicated. In some cases, the isolation configuration must be 
adjusted, such as forbidding the data flow of uplink ports or enabling data communication 
between PON ports. This is what port isolation does. The ports within an isolated group 
based on the group's port isolation function cannot communicate with data. Ports between 
different groups and ports between the isolation group and out of the isolation group can 
forward regularly. 


Note: 


Port isolation can only be configured on the NNI port or the PON port. If port isolation is 
set on the PON port, all ONU ports under the PON port cannot communicate with other 
PON ports and NNI ports on which port isolation is configured. All PON ports are in the 
isolation group 1 by default. Port isolation is not supported on the ONU port. 


By ee 
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All isolation groups must be deleted, including the default existed isolation group 1, can 
the isolation not based on the group be applied. 


The port isolation function cannot be applied on the ONU port. For how to create an ONU 
port, see the manual “ONU Management Configuration”. 


Isolation based on the group: 


Command Purpose 
config Enters the global configuration mode. 
[no] port-protected group-id Creates and enters the isolation group mode, run 


this command. 
group-id Sets ID of the isolation group 


[no] description word Describes the group. 

Word Describes the character string of the group. 
exit Goes back to the global configuration mode. 
interface g0/1 Enters the to-be-configured port. 

[no] switchport protected group-id Adds/removes the isolation group 

group-id The isolation group ID 
exit Goes back to the global configuration mode. 
exit Goes back to the EXEC mode. 


Isolation not based on the group: 


Command Purpose 
config Enters the global configuration mode. 
no port-protected group-id Deletes the existed isolation group. 


Sets ID of the isolation group 


interface gp0/1 Enters the to-be-configured port. 

[no] switchport protected Enables or disables Port Isolation 

exit Goes back to the global configuration mode. 
exit Goes back to the EXEC mode. 


1.3. Configuring Storm Control on a Port 


The ports of OLT may bear continuous and abnormal impact from unicast (MAC address 
fails to be found), multicast or broadcast packets, and therefore gets paralyzed even to 
the extent that the whole OLT breaks down. That's why a mechanism must be provided to 
limit this phenomena. The storm control enables the OLT to set on the ingress the rates of 
different kinds of packets. 


Note: 


The storm control function cannot be applied on the ONU port. For how to create an ONU 
port, see the manual “ONU Management Configuration”. 


Command Purpose 
config Enters the global configuration 
mode. 
interface gp0/1 Enters the to-be-configured port. 


[no] storm-control {broadcast | multicast | unicast} | Configures storm control function of 
threshold count the port 


Unicast means that storm control is 
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conducted to the unicast packets. 


Multicast means that storm control 
is conducted to the multicast 
packets. 


Broadcast means that storm control 
is conducted to the broadcast 
packets. 


Count means the threshold of the 
being configuration 


exit Goes back to the global configuration 
mode. 
exit Goes back to the EXEC mode. 


1.4 Configuring Rate Limit on a Port 


Rate limit is used to limit the rate of a flow that runs through a port. 
Note: 


The port limitation function cannot be applied on the ONU port. For how to create an ONU 
port, see the manual “ONU Management Configuration”. 


Command Purpose 
config Enters the global configuration mode. 
interface gp0/1 Enters the to-be-configured port. 


[no] switchport rate-limit {band | bandwidth | Configures the rate limit for a port. 


percent } { ingress | egress} Band means to limit the flow rate. 


Percent means to limit the flow 
percentage. 


Ingress means to exert an influence on 
the ingress. 


Egress means to exert an influence on 


the egress. 

exit Goes back to the global configuration 
mode. 

exit Goes back to the EXEC mode. 


1.5 Configuring Port Loop Check 


Loopback detection is used to check whether loopback exists on an interface. You can 
configure the interval for a port to transmit the loop check packets. 


Note: 


The port loopback function cannot be applied on the ONU port. For how to create an ONU 
port, see the manual “ONU Management Configuration”. 
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1.6 


1.7 


Command Purpose 
config Enters the global configuration 
mode. 
interface g0/1 Enters the to-be-configured port. 
[no] keepalive [second ] Configures the interval for an 
interface to transmit the loop check 
packets. 


Second means the_ interval of 
transmitting the packets. 


exit Goes back to the global configuration 
mode. 
exit Goes back to the EXEC mode. 


Configuring MAC Learning on a Port 


MAC address learning is used to enable or disable MAC address learning on the 
interface. 


Note: 


The mac address learning function cannot be applied on the ONU port. For how to create 
an ONU port, see the manual “ONU Management Configuration”. 


Command Purpose 
config Enters the global configuration mode. 
interface g0/1 Enters the to-be-configured port. 
[no] switchport disable-learning Sets MAC address learning on a port. 
Enables/disables interface MAC address learning. 
exit Goes back to the global configuration mode. 
exit Goes back to the EXEC mode. 


Configuring Port Security 


1.7.1 Overview 


The security port can control the port access, enabling a port to be used in an allowable 
range that you set. You can enable the security function of a port by setting the maximum 
number (threshold) of secure MAC addresses and enabling the secure MAC address; if 
the MAC addresses which enters the port exceed the threshold and the MAC addresses 
are not the secure MAC addresses, we define this phenomenon as port security violation; 
if this phenomenon happens, different actions will be acted according to different violation 
modes. 


The security port has two functions: setting the maximum number of MAC addresses for 
the security port and setting the static secure MAC address. If the security port has no 
static secure MAC address or the number of the static secure MAC addresses is smaller 
than that of the secure MAC addresses, the dynamic learning of the secure MAC 
addresses will be conducted. If security port violation appears, the packets will be 
dropped until security port violation disappears. 


This section presents how to set a security port on OLT. 


-4- 
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1.7.2. Configuring Maximum MAC Limitation 


In the dynamic port security mode, the maximum MAC address number can be 
configured. 


Note: 


Maximum MAC limitation is not supported by the ONU port or PON port, so it can be 
configured only on the uplink ports. 


Command Purpose 
config Enters the global configuration 
mode. 
interface g0/1 Enters the to-be-configured port. 
[no] switchport port-security mode dynamic Sets/Cancels the port security mode 


to be dynamic. 


[no] switchport port-security dynamic maximum | Sets the allowable maximum MAC 
addresses for a port. 


count 
Countmax to be learned address 
number 

exit Goes back to the global configuration 
mode. 

exit Goes back to the EXEC mode. 


1.7.3. Configuring Static Mode Security Port 


The static mode will enable or disable the configured mac address list based on the rule 
Note: 


The static mode security port cannot be applied on the PON port or ONU port, but can be 
applied on the uplink port. 


Command Purpose 
config Enters the global configuration mode. 
interface g0/1 Enters the to-be-configured port. 


[no] switchport port-security mode static | Sets/Cancels the port security mode to 


F be static mode. 
{accept|reject} 
Accept means static security 


acceptation mode, which’ enables 
packets in the source mac to pass. 


Reject means static security mode, 
which enables packets in the source 


mac to pass. 
[no] switchport port-security static | Sets port security static mode mac 
mac-address H.H.H address list. 


H.H.H means the concrete mac address. 


exit Goes back to the global configuration 
mode. 
exit Goes back to the EXEC mode. 
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1.7.4 Port Binding 


This type of OLT can bind the IP address and the MAC address to a port at the same time, 
and of course you can bind either one to the port. Port binding is effective to the IP or ARP 
packets. 

Note: 


Port binding can only be applied on ONU port. 


Command Purpose 


config Enters the global configuration mode. 


interface g0/1 Enters the to-be-configured port. 


[no] switchport port-security {bind|block} | Configures Port Binding 
{ip|arp| both-arp-ip A.B.C.D | mac H.H.H = | ipv6 


jov6_addr} Bind means only packets complying with 


the binding requirement can pass and 
others will be refused. 


Block means only packets complying 
with the binding requirement will be 
refused, and other packets are allowed to 
pass. 


ip means only effective to the Ip packets 
that comply with the binding 
requirements. 


arp means only effective to the ARP 
packets that comply with the binding 
requirements. 


both-arp-ip means effective to the IP and 
ARP packets that comply with the binding 
requirements. 


mac means effective to the ip packets 
complying with the source mac address; 


Ipv6 means effective to the lpv6 packets 
that comply with the binding 
requirements. 


exit Goes back to the global configuration 
mode. 


exit Goes back to the EXEC mode. 


1.8 SVLIVL 


The OLT can configure SVL or IVL VLAN mode. It is IVL mode by default. 
Note: 


VLAN learning mode cannot apply on the ONU port. 


Command Purpose 
config Enters the global configuration mode. 
interface g0/1 Enters the to-be-configured port. 
[no] switchport shared-learning Sets the VLAN mode of a port. 
shared-learning means to configure SVL 
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mode. 


The default is IVL mode. 


exit Goes back to the global configuration 
mode. 
exit Goes back to the EXEC mode. 


1.9 Configuring Link Scan 


The command is used to scan the time interval on the port. You can fast scan the up/down 
state on the port. To configure the authentication mode, you also can run the following 
command in interface configuration mode: 


Command Purpose 
config Enters the global configuration mode. 
[no] link scan {normal | fast} interval Configures the time interval on the port. 


Normal means standard link scan mode. 


Fast Fast mode is mainly used for service 
protocol requirement, such as rstp. 


Interval Configures the scan time interval 
on the port. 


exit Goes back to the EXEC mode. 


1.10 Configuring System Mtu 


Run the following commands in the global mode to configure system MTU: 


Command Purpose 
config Enters the global configuration mode. 
[no] system mtu mtu Configures the value of system mtu. 


mtu Configured mtu value. The value ranges from 1500 
to 9216. 


exit Goes back to the EXEC mode. 


